1. photon
  2. Commit 87119d13a25431b07c3de6804f7ac2a027a6b2fe
Browse code

krb5-1.14-3: add patch to never unload gssapi mechs

Change-Id: I33484ca8652ec06adbb99cc6ad135ec1bf24e2cc
Reviewed-on: http://photon-jenkins.eng.vmware.com/653
Tested-by: jenkins-photon <wangnan2015@hotmail.com>
Reviewed-by: Sriram Nambakam

ppadmavilasom authored on 2016/03/22 07:04:12
Showing 2 changed files
SPECS/krb5/krb5-1.14-never-unload-mechanisms.patch
History View file @ 87119d1
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,32 @@
0 
+From be2980a3436f68910051de8b11a398eb56639a8b Mon Sep 17 00:00:00 2001
1 
+From: Benjamin Kaduk <kaduk@mit.edu>
2 
+Date: Fri, 29 Mar 2013 17:18:40 -0400
3 
+Subject: gssapi: never unload mechanisms
4 
+
5 
+It turns out that many GSSAPI mechanisms link to the main gss-api
6 
+library creating a circular reference. Depending on how the linker
7 
+breaks the cycle at process exit time, the linker may unload the GSS
8 
+library after unloading the mechanisms. The explicit dlclose from the
9 
+GSS library tends to cause a libdl assertion failure at that
10 
+point. So, never unload plugins. They are refcounted, so dlopen
11 
+handles will not leak, although obviously the memory from the plugin
12 
+is never reclaimed.
13 
+
14 
+ticket: 7135
15 
+---
16 
+ src/lib/gssapi/mechglue/g_initialize.c |    2 --
17 
+ 1 file changed, 2 deletions(-)
18 
+
19 
+diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
20 
+index a7303b6..c64d9be 100644
21 
+--- a/src/lib/gssapi/mechglue/g_initialize.c
22 
+@@ -517,8 +517,6 @@
23 
+ 		memset(cf->mech, 0, sizeof(*cf->mech));
24 
+ 		free(cf->mech);
25 
+ 	}
26 
+-	if (cf->dl_handle != NULL)
27 
+-		krb5int_close_plugin(cf->dl_handle);
28 
+ 	if (cf->int_mech_type != GSS_C_NO_OID)
29 
+ 		generic_gss_release_oid(&minor_status, &cf->int_mech_type);
30 
+
SPECS/krb5/krb5.spec
History View file @ 87119d1
... ... 
@@ -1,7 +1,7 @@
1 1 
 Summary:	The Kerberos newtork authentication system
2 2 
 Name:		krb5
3 3 
 Version:	1.14
4 
-Release:	2%{?dist}
4 
+Release:	3%{?dist}
5 5 
 License:	MIT
6 6 
 URL:		http://cyrusimap.web.cmu.edu/
7 7 
 Group:		System Environment/Security
... ... 
@@ -10,6 +10,7 @@ Distribution:	Photon
10 10 
 Source0:	http://web.mit.edu/kerberos/www/dist/%{name}/%{version}/%{name}-%{version}.tar.gz
11 11 
 %define sha1 krb5=02973f6605b1170bec812af9c8da4e447eeca9a9
12 12 
 Patch0:         krb5-1.14-skip-unnecessary-mech-calls.patch
13 
+Patch1:         krb5-1.14-never-unload-mechanisms.patch
13 14 
 Requires:	openssl
14 15 
 Requires:	e2fsprogs
15 16 
 BuildRequires: 	openssl-devel
... ... 
@@ -21,6 +22,7 @@ practice of clear text passwords.
21 21 
 %prep
22 22 
 %setup -q
23 23 
 %patch0 -p1
24 
+%patch1 -p1
24 25 
 %build
25 26
26 27 
 cd src &&
... ... 
@@ -90,6 +92,8 @@ rm -rf %{buildroot}/*
90 90 
 %{_datarootdir}/man/man5/.k5login.5.gz
91 91 
 %{_docdir}/%{name}-%{version}
92 92 
 %changelog
93 
+* 	Mon Mar 21 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com>  1.14-3
94 
+- 	Add patch to never unload gssapi mechanisms
93 95 
 * 	Fri Mar 18 2016 Anish Swaminathan <anishs@vmware.com>  1.14-2
94 96 
 - 	Add patch for skipping unnecessary mech calls in gss_inquire_cred
95 97 
 *	Thu Jan 21 2016 Anish Swaminathan <anishs@vmware.com> 1.14-1